CCNA Security 2.0 PT Practice SA Part 2 Answers

CCNA Security 2.0 PT Practice SA Part 2

The purpose of this Cisco Packet Tracer Skills Assessment (PTSA) is to support student success by providing additional student practice of security technology and features included in the CCNA Security course through the use of the command-line interface (CLI). PTSA is divided into two parts, Part 1 concentrates on the security implementation on LAN and and Zone Based Firewall. Part 2 extends the network security to across the Internet connection, such as site-to-site VPN and using an Cisco ASA device. This is Part 2. Copyright 2016, Cisco Systems, Inc.

CONFIGURE TERMINAL HQ-ASA

enable
Thecar1Admin
configure terminal
domain-name thecar1.com

int vlan 1
ip address 192.168.10.1 255.255.255.0
nameif inside
Security-level 100
no shutdown
int eth0/1
switchport acces vlan 1
no shutdown

int vlan 2
ip add 209.165.200.253 255.255.255.240
nameif outside
security-level 0
no shutdown
int eth0/0
switchport acces vlan 2
no shutdown

int vlan 3
ip add 192.168.20.1 255.255.255.0
No forward int vlan 1
nameif dmz
security-level 70
no shutdown

int eth0/2
switchport acces vlan 3
no shutdown
exit
dhcpd add 192.168.10.25-192.168.10.35 inside
dhcpd dns 192.168.10.10
dhcpd option 3 ip 192.168.10.1
dhcpd enable inside

ntp authenticate
ntp authentication-key 1 md5 corpkey
ntp server 192.168.10.10 key 1
aaa authentication ssh console LOCAL

crypto key generate rsa modulus 1024
yes
ssh ?
ssh 192.168.10.5 ?
ssh 192.168.10.5 255.255.255.255?
ssh 192.168.10.5 255.255.255.255 inside

ssh timeout 20
object network inside-nat
subnet 192.168.10.0 255.255.255.0
nat (inside,outside) dynamic interface
object network dmz-dns-server
host 192.168.20.5
nat (dmz,outside) static 209.165.200.242
object network dmz-web-server
host 192.168.20.2
nat (dmz,outside) static 209.165.200.241
exit

configure terminal
class-map inspection_default
match default-inspection-traffic
policy-map global_policy

class inspection_default
inspect dns
inspect ftp
inspect http
inspect icmp
exit

service-policy global_policy global
access-list OUTSIDE-TO-DMZ extended permit tcp any host 209.165.200.241 eq 80
access-list OUTSIDE-TO-DMZ extended permit tcp any host 209.165.200.242 eq 53
access-list OUTSIDE-TO-DMZ extended permit udp any host 209.165.200.242 eq 53
access-list OUTSIDE-TO-DMZ extended permit tcp host 198.133.219.35 host 209.165.200.241 eq 21
access-group OUTSIDE-TO-DMZ in interface outside

CONFIGURE TERMINAL ROUTER HQ

CORPADMIN
Ciscoccnas
enable
ciscoclass
configure terminal
access-list 120 permit ip 198.133.219.32 0.0.0.31 209.165.200.240 0.0.0.15
crypto isakmp policy 10
encryption aes 256
hash sha
authentication pre-share
group 2
lifetime 86400
exit

crypto isakmp key Vpnpass101 address 198.133.219.2
crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
crypto map VPN-MAP 10 ipsec-isakmp
set peer 198.133.219.2
set pfs group2
set security-association lifetime seconds 86400
set transform-set VPN-SET
match address 120
exit
int s0/0/0
crypto map VPN-MAP

Branch

enable
ciscoclass
conf ter

access-list 120 permit ip 198.133.219.32 0.0.0.31 209.165.200.240 0.0.0.15
crypto isakmp policy 10
encryption aes 256
hash sha
authentication pre-share
group 2
lifetime 86400
exit
crypto isakmp key Vpnpass101 address 209.165.200.226
crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
crypto map VPN-MAP 10 ipsec-isakmp

set peer 209.165.200.226
set pfs group2
set security-association lifetime seconds 86400
set transform-set VPN-SET
match address 120
exit
int s0/0/0
crypto map VPN-MAP

ccna security 2.0 pt practice sa part 1

ccna security 2.0 pt practice sa part 2

ccna security 2.0 pretest exam

ccna security 2.0 pretest exam answers

ccna security 2.0 practice final exam

ccna security 2.0 practice skills assessment part 2

ccna security 2.0 practice final

ccna security 2.0 pt practice sa part 2 answers

ccna security 2.0 final exam

ccna security 2.0 pt practice skills part 1 answers

assignment ccna security 2.0 pt practice sa part 2

ccna security 2.0 final exam answers

ccna security implementing network security (version 2.0) - ccna security 2.0 pretest exam answer

ccna security implementing network security (version 2.0) - ccna security 2.0 pretest exam answers

ccna security v2 pretest exam answers

ccna security v2 0 final exam answers 100

ccna security implementing network security ( versión 2.0) - ccna security 2.0 pretest exam

ccna security practice final exam v2

ccna security implementing network security ( versión 2.0) - ccna security 2.0 practice final

ccna security implementing network security 2.0 final exam

ccna security 2.0 exam answers

ccna security implementing network security (version 2.0) final exam

ccna security implementing network security (version 2.0) - ccnas final exam answers

ccna security implementing network security (version 2.0) - ccnas final exam answer

ccna security 2.0 exam

ccna security implementing network security ( versión 2.0) - ccnas final exam

ccna security v2 final exam answers

ccna security practice final exam v2.0 exam answers

practice final exam ccna security v2.0

ccna security 2.0 chapter 1 exam answers

ccna security 2.0 chapter 2 exam answers

ccna security implementing network security (version 2.0) - ccnas final exam

ccna security implementing network security (version 2.0) - ccna security 2.0 pretest exam

ccna security practice final exam v2 0 exam answers

ccna security practice final exam v2 0 exam answers 100

practice final exam ccna security v2 0

ccna security v2 chapter 1 exam answers

ccna security v2 chapter 2 exam answers

practice final exam ccna security v2 0 chapter 1

practice final exam ccna security v2 0 chapter 100

menu melayang

CCNA Security 2.0 PT Practice SA Part 2 Answers